about summary refs log tree commit diff
path: root/machines/profpatsch/haku.nix
Commit message (Collapse)AuthorAgeFilesLines
* haku: prepare for new deploymentProfpatsch2022-10-311-174/+147
| | | | | Comment out a lot of the old stuff that I might not want to re-enable later. And get rid of the pre-tailscale wireguard desaster.
* machines/haku: fix missing groupProfpatsch2021-11-131-0/+1
|
* machines/haku: fix double setting of `nix.maxJobs`Profpatsch2021-07-211-1/+0
|
* machines/haku: disable autoUpgradeProfpatsch2021-06-071-5/+0
| | | | | The service hasn’t been working in a while, since I deploy manually. No security updates for baba.
* modules/profpatsch/gonic: add podcast & scan intervalProfpatsch2021-06-071-0/+4
| | | | On haku, scan every 10 minutes and listen on the tailscale interface.
* machines/haku: enable samba on tailscaleProfpatsch2021-06-071-1/+26
| | | | | | | | Trying out filesharing to my phone. Would never enable samba on the open internet though. :') Might want to switch to ftp since samba seems to be rather imperformant for simple filesharing.
* machines/haku: enable tailscale & refactor ports a bitProfpatsch2021-06-071-5/+24
|
* machines/profpatsch: remove wireguard from extraModulePackagessternenseemann2021-04-131-2/+0
| | | | | | | | Starting with Kernel 5.6 adding this package is no longer necessary. Since the kernelPackages.wireguard attribute returns `null` for that version, evaluation fails. cc @Profpatsch
* services/Profpatsch: add gonic server & enable on hakuProfpatsch2021-03-051-0/+5
| | | | | | | gonic is a modern alternative to mpd, it indexes music directories and provides a server with a protocol to request files and metadata. It has an Android app.
* machines/haku: set NIX_PATH to filtered pkgs.pathProfpatsch2020-08-301-2/+13
| | | | | | | | | | | | This is a step towards a saner deployment for these machines. The NIX_PATH is fixed, so that everything on the running system always uses exactly the nixpkgs version the system was deployed with. The deployment is done by copying the system closure and switching to it via the `bin/switch-to-configuration` script. Uses the reference to pkgs.path, and applies filterSourceGitignore on the directory, since I often deploy from a local checkout which is half a GB without the gitignore filter.
* machines/haku: add data-seeding groupProfpatsch2020-08-301-0/+3
| | | | used for access to /data/seeding
* machines/haku: remove rtorrentProfpatsch2020-08-301-1/+0
|
* machines/haku: make drawpile session persistentProfpatsch2020-05-021-3/+5
|
* machines/haku: add drawpileProfpatsch2020-05-021-0/+13
|
* machines/haku: accept terms & add necessary email addressProfpatsch2020-02-161-0/+3
|
* pkgs/profpatsch/warpspeed: 1.0 -> 1.1Profpatsch2020-01-261-1/+2
| | | | | | - Add argument for which host to bind against. - Add argument to specify where the root address should be redirected to (if at all)
* pkgs/profpatsch/youtube2audiopodcast: fix a few thingsProfpatsch2019-12-271-1/+1
|
* machines/profpatsch/haku: add rss2audiopodcast to nginxProfpatsch2019-12-271-1/+26
|
* treewide: use `runCommandLocal` where applicableProfpatsch2019-12-081-1/+1
| | | | | | | `runCommandLocal` was added to nixpkgs in https://github.com/NixOS/nixpkgs/pull/74642 to speed up trivial `runCommand` derivations by always building them locally. We have a few places where that’s good to use.
* machines/haku: add lisanne againProfpatsch2019-08-281-1/+1
|
* machines/haku: custom portsProfpatsch2019-08-281-0/+3
|
* machines/haku: add lisanneProfpatsch2019-08-271-0/+1
|
* machines/haku: set up as VPN server with wireguardProfpatsch2019-05-311-5/+54
| | | | | | | | | | | | Generates a wireguard configuration based on https://nixos.wiki/wiki/Wireguard and sets up the iptables firewall in a way that only enables forwarding between `eth0` and the `wg` interfaces. The standard NixOS firewall configuration allows `FORWARD` between all interfaces, and `networking.nat.enable` enables the `ip_forward` rule in the kernel, meaning packages can suddenly hop interfaces without a firewall that `DROP`s forwards by default.
* machines/haku: open less ports in firewallProfpatsch2019-05-161-3/+2
|
* machines/haku: add wireguard kernel moduleProfpatsch2018-12-301-0/+3
|
* machines/haku: add Thomas’s ssh pubkey to vorstandProfpatsch2018-12-301-0/+1
|
* machines/profpatsch: clean up configsProfpatsch2018-12-221-11/+0
| | | | Remove unused packages and commented out stuff.
* machines/haku: serve lojbanistan.de faviconProfpatsch2018-10-201-1/+15
|
* machines/haku: set NIX_PATH similar to kataraProfpatsch2018-06-051-0/+12
|
* machines/haku: pass to v4 localhost warpspeed explicitelyProfpatsch2018-02-171-1/+1
| | | | | Apparently nginx resolves localhost to [::1] in a newer version by defaul, yet my static file server only binds to 127.0.0.1.
* machines/haku: coi doProfpatsch2018-02-101-1/+1
|
* machines/haku: enable auto upgradeProfpatsch2018-02-091-0/+6
|
* machines/haku: remove unused services/attack vectorsProfpatsch2018-02-091-29/+11
|
* machines/haku: Revert setting addSSL to trueaszlig2017-09-011-1/+0
| | | | | | | | | | | | | This reverts commit 0cfbc3bcd4be9ba3798f1752f82f6ea2d3aba650. Since NixOS/nixpkgs@ae9d311565d8c790900ebbc0976e447034930112 the addSSL option is now mutually exclusive to forceSSL. Turns out that this actually was a bug that got introduced in NixOS/nixpkgs@a912a6a291eaa5f6a2ad9143c9e276779c357a41. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Cc: @Profpatsch
* haku: add static vpn interfaceProfpatsch2017-09-011-0/+8
|
* machines/haku: add test mailinglistProfpatsch2017-09-011-1/+1
|
* machines/haku: Fix evaluation error for nginxaszlig2017-08-191-0/+1
| | | | | | | | In order to use forceSSL you now also need to use addSSL and there is an assertion now to check that since NixOS/nixpkgs@a912a6a291eaa5f6a2ad914. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Cc: @Profpatsch
* machines/haku: forgot the firewall exception for searxProfpatsch2017-07-101-1/+3
|
* machines/haku: move searx from katara to hakuProfpatsch2017-07-101-0/+5
|
* machines/haku: remove pub subdomain againProfpatsch2017-07-081-8/+3
| | | | | Apparently `enableACME` doesn’t generate certificates for the right subdomains if they are on the same machine in different virtual hosts.
* machines/haku: add a pub subdomainProfpatsch2017-07-081-3/+8
|
* machines/haku: fix warpspeed serviceProfpatsch2017-07-081-2/+2
|
* machines/haku: add correct port numberProfpatsch2017-07-081-0/+2
|
* machines/haku: refactor a bit to include into base server configProfpatsch2017-07-081-2/+23
| | | | | Until now, the config on the actual server was deviating because I changed it locally.
* machines/profpatsch: factor out basic server configProfpatsch2017-01-271-75/+60
|
* machines.profpatsch: add hakuProfpatsch2017-01-251-0/+99
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-06 02:48:56 +0000